Tag
The article details a supply-chain attack on the TanStack library via NPM, offering a comprehensive guide to protect development environments by locking dependency ages, pinning versions, and auditing CI/CD pipelines and IDE extensions.
A high-severity supply-chain compromise affected 42 TanStack npm packages, exfiltrating cloud credentials and SSH keys. Users are advised to rotate credentials and reinstall from clean lockfiles if they installed packages during the attack window.
Reports indicate a security compromise affecting TanStack NPM packages, impacting developers using the TanStack Router and Start frameworks.
TanStack has released TanStack AI, a new fully open-source toolkit designed for developers.
The official TanStack AI OpenTelemetry support is now available, offering an open-source backend for traces, datasets, and replay to improve debuggability.
A developer shares their experience building a local-first knowledge base using MCPs, Strapi, TanStack, and Ollama with Gemma 4, noting that it is easy to switch to frontier models like Claude.